CyberAlerts

CVE-2024-49054

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-49044

Visual Studio Elevation of Privilege Vulnerability

Description: Visual Studio Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.7)

EPSS Score: 0.06%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-49025

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Description: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVSS: MEDIUM (5.4)

EPSS Score: 0.09%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-48747

Description: An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-47854

Description: An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-45877

Description: baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock other user or unlock the own account, change the password of other users, create new users or delete existing users and view, manipulate and delete reference data.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-43784

Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to it's deletion

Description: lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.

CVSS: MEDIUM (5.7)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-43646

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Description: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.7)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-43645

Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability

Description: Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability

CVSS: MEDIUM (6.7)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-43643

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

Description: Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.8)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: